YoVDO

Lessons Learned from Generating 100M SBOMs - Google's Approach to SBOM Compliance

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Cybersecurity Courses, Compliance Courses, Software Bill of Materials Courses, SPDX Courses, SLSA Courses

Course Description

Overview

Explore Google's journey in generating 100 million Software Bills of Materials (SBOMs) in response to US White House Executive Order 14028. Discover the challenges faced, solutions implemented, and lessons learned as Google tackled the massive task of cataloging all of its software. Gain insights into the organizational and engineering principles employed, including the involvement of various teams, the role of builders in SBOM generation, and the concept of attested SBOMs. Learn about the implementation of a "less is more" approach and the use of Linux Foundation and Cloud Native Computing Foundation technologies such as SPDX, SLSA, and in-toto. Understand how Google navigated questions regarding product selection, format choices, tooling decisions, responsibilities, storage solutions, and legal and privacy considerations to achieve SBOM compliance within a six-month timeframe.

Syllabus

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

The A's, B's, and Four C's of Testing Cloud-Native Applications
LASCON via YouTube
A Different Kind of S3 - First Line Security of the Supply Chain
Linux Foundation via YouTube
Accountability Taxonomy for AI Software Bill of Materials
Linux Foundation via YouTube
Activities in Japan and 10 Streams of OSS Security Mobilization Plan
OpenSSF via YouTube
Addressing Security Issues Before Production with Docker Scout
Docker via YouTube